GEOANALYSIS SA, distinctive title GEOANALYSIS AE (hereinafter referred to as “We”, “Us”, “The Company”, “Our”) commits itself to protect your privacy and handle your personal data in an open and transparent way, in accordance with the stipulations and requirements of the law. The personal data we collect and process depend on the product or service requested and agreed upon in every special case.
This data protection declaration:
- Provides an overview of the type, procedure, and way in which the “Company” collects and processes personal data and informs you of your rights in accordance with the domestic law on data protection and the General Data Protection Regulation (“GDPR”);
- Is addressed to natural persons who are existing or potential clients of the “Company”, authorized representatives/agents, or beneficial owners of natural persons or legal entities, which are existing or potential clients or associates or the “Company”, as well as to any other person whose personal data has come into our possession in any way, following consent or under any other legal relationship;
- Is addressed to natural persons who have had such a business relationship with the “Company” in the past;
- Provides information about when there shall be a disclosure/exchange of your personal data to other companies of the Group and other third parties (for example, our service providers, suppliers, or consortia the “Company” participates into, under a certain project preparation or service mandate by our principals, including HELLENIC CADASTRE, Public Services, etc.).
In this data protection declaration, your data is sometimes referred to as “personal data” or “personal information”. Other times, reference is collectively made to the handling, collection, protection, and storage/retention of personal data, or to any other similar operation as “processing” of such personal data.
For the purposes of this declaration, personal data shall mean any pieces of information concerning you, by which your identity is verified, or can be verified, including, among others, your full name, address, or identity card number.
1. Who we are
GEOANALYSIS SA, distinctive title GEOANALYSIS SA, is an approved legal entity governed by private law, in the form of a Public Limited Company (SA) with registered office in Thessaloniki. The Company was established on 15.03.1988 by virtue of Notarial Deed No. 2722, as cited in the Official Government Gazette of the Hellenic Republic No. 551/31.03.1988 (Issue on SA’s), and is registered in the General Electronic Commercial Registry (GEMI) under GEMI Registry No. 057655604000.
The Company’s head office is situated at no. 54, Gennimata Street, Postal Code, 55135, Thessaloniki.
If you have any questions or if you need any additional information on how we use your personal information, please contact the Data Protection Officer of our Company at the following address: 54, G. Gennimata Street, Postal Code 55135, Thessaloniki, E-mail: dpo@geoanalysis.gr.
2. Other entities of the Group
The Company participates in a number of Consortia as member and also as affiliated company with separate legal entities, where each entity has their own individual data protection declaration. There entities have their own websites, which may be linked to ours. If you are interested in knowing how your personal data is processed, please refer to the corresponding data protection declarations, which you can find in their websites.
3. What personal data we process and where we collect it from
We collect and process different types of personal data, which we receive from our (existing and potential) clients or any third parties, in person, or through their representatives, or through our alternative channels of communication, including our website, in the context of our business relationship or other legal relationship with them.
We may also process any personal data, which we legally obtain not only from the persons concerned, but also from the affiliated companies and/or specific-purpose consortia, where the Company participates into, or from any other third parties, public authorities, companies of the wider public sector, which constitute our principals (Data Controllers), following a lawful order to that effect.
In addition, we may collect and process personal data coming from publicly available sources (including, among others, Tiresias SA, any commercial and/or professional registers, employment agencies, etc.), which we lawfully obtain and process according to law.
If you are a prospective client or counterparty (e.g., potential provider, associate, subcontractor, etc.), an authorized representative/agent, or beneficial owner of a natural person or legal entity that is a prospective client, the relevant personal data we collect may include the following:
Full name, address, contact details (telephone, e-mail), identification data, bank account details, date of birth, place of birth (town/city and country), marital status, employment status, i.e., whether you are a salaried employee or self-employed, taxpayer identification number (TIN), qualifications, licence to exercise a profession, detailed curriculum vitae, etc.
If personal data is collected in the context of preparation of a service contract with a client/principal (Data Controller), whether with the Greek State – e.g., HELLENIC CADASTRE, or any other entity of the wider public sector, for which we have undertaken to collect and process personal data, such personal data collected mainly refer to the identity of any person having a real right (right in rem), or to any services and cadastral survey / land consolidation contracts, implementation acts, expropriations / preparation of farm registers, etc.
4. Data relating to children
We understand the importance of the protection of privacy with regard to children. We are entitled to collect personal data relating to children (as beneficiaries of real rights) only provided that we have first obtained the consent of their parents or legal guardians, unless this is permitted by law. For the purposes of this data protection declaration, the term “children” shall mean any persons under the age of eighteen (18) years.
5. To what extent you are obliged to give us your personal data
In order to be able to establish a business relationship or any other working relationship with you, you must give us your personal data, which is necessary for the establishment and performance of a business relationship or cooperation and the fulfillment of our contractual obligations, in accordance with the requirements of the law.
Therefore, you must at least produce a copy of your identity card/passport, give us your full name, place of birth (town/city and country), home address, and taxpayer identification number (TIN), data which is necessary for entering into any type of cooperation agreement in writing.
6. Why we process your personal data and on what legal basis
As cited above, we commit ourselves to protecting your privacy and handling your data in an open and transparent way; therefore, we process your personal data in accordance with the General Data Protection Regulation (GDPR) and the domestic law on data protection for one or more of the following reasons:
A. Performance of Contract
We process personal data in order to carry out banking transactions and provide services on the basis of agreements concluded with our clients, and be able to enter into agreements with potential clients.
B. Compliance with Legal Obligations
There are certain legal obligations arising from the relevant laws (tax laws, labour laws, etc.), which are applicable to the Company, and requirements based on laws or regulations, including, among others, Submission of Data relating to Beneficiaries of Real Property Rights in the context of National Cadastre contracts, according to Laws 2308/1995, 2664/1998, 341/2006, 4164/2013 etc.
C. Protection of Legitimate Interests
We process personal data in order to safeguard any legitimate interests pursued by us or by third parties. There is a legitimate interest whenever we use your personal information for a reasonable business or commercial purpose. Even then, such purpose must not be unlawfully contrary to what is right and best for you. These processing activities include the following:
- Establishment of legitimate claims and preparation of our defence in legal proceedings;
- Means and procedures that we undertake to ensure for security of the IT Department, prevention of potential criminal activities, asset security, access acceptance controls, and taking of measures against infringements;
- Installation of surveillance systems (closed-circuit television cameras – CCTV), e.g., for preventing criminal activities;
- Measures for business management and further development of products and services;
- Management of risks both for the company and for their shares in specific-purpose consortia or affiliated companies.
D. Since you have expressly provided your legal consent
…to such processing of personal data (in addition to the reasons cited above), the legality of such processing is based on this consent. You have the right to withdraw your consent at any time. However, any processing of personal data performed prior to the receipt of such withdrawal or revocation, shall not be affected.
7. Who are the recipients of your personal data
In fulfilling our contractual and legal/statutory obligations, your personal data may be disclosed to different departments of the Company or affiliated companies and/or specific-purpose Consortia related to the necessity of such data, for which all necessary provisions for protection and lawful processing of data have been made. In addition, various service providers and suppliers may receive your personal data, so that we can fulfill our obligations. These service providers and suppliers enter into agreements with the Company, whereby they undertake to ensure the confidentiality and protection of your data, in accordance with the domestic law on data protection and the General Data Protection Regulation (GDPR).
All processors appointed by us for processing personal data in our name and on our behalf shall undertake to comply with the provisions of GDPR on a contractual basis.
In these circumstances, the recipients of personal data include the following:
- HELLENIC CADASTRE
- Public bodies and/or organizations of the wider public sector, for which we provide contract services, or Data Controllers;
- Municipal entities, local authorities, specific-purpose Consortia which have undertaken to perform specific public works contracts;
- File storage companies, archiving companies and/or file management companies, cloud storage providers;
- Cooperating companies, associates, subcontractors providing assistance in the effective provision of our services to our Principals (Data Controllers).
8. Transmission of personal data to a third country or international organization
With regard to our associates, employees and subcontractors, excluding any other persons, your personal data may be transmitted to third countries [i.e., countries outside the European Economic Area] if our Company is obliged to submit such data in order to perform a works contract or provide a service, following exercise of a legal right or notification in writing, so that you can give us your consent to such transmission.
The data controllers or processors in these third countries shall be obliged to comply with EU data protection standards and provide appropriate safeguards related to the transmission of your data according to Article 46 of the General Data Protection Regulation (GDPR).
9. To what extent there is an automated decision-making process, including profiling
In general, in the establishment and carrying out of a business relationship, we are not using any automated decision-making process. We may automatically process some of your data, with the aim of evaluating certain personal aspects (profiling), in order to conclude or perform an agreement with you.
In these cases, a competent natural person – official of our Company shall take part in the decision-making process and you shall be given all legal rights to intervene.
10. How we deal with your personal data for marketing activities and to what extent profiling is used for such activities
We may process your personal data in order to inform you of any products, services and offers you or your company may be interested in.
The personal data we process to this end consist in any information provided to us and exclusively related to information and communication activities. We study all these pieces of information in order to form an opinion about what we think you may need or what you may be interested in. Profiling is not used, i.e., we do not automatically process your personal data with the aim of evaluating certain personal details, in order to give you targeted marketing information on products.
We may use your personal data in order to promote our products and services to you, only if we have obtained your explicit consent to it, or, in some cases, if we consider that we have the legitimate interest in doing so.
You have the right to object to the processing of your personal data for marketing, information or communication purposes at any time, by sending us an e-mail at: info@geoanalysis.gr.
11. For how long we keep your personal information
We shall keep your personal data for as long as we have a business or other legal relationship with you, for as long as your lawful consent is given for, for the time period required according to tax laws or other domestic laws, or for the period stipulated in the directives of the competent data protection authority [individually or in relation to our transactions with a legal entity that you have been authorized to represent or you are the beneficial owner of].
12. Your Data Protection Rights
You have the following rights with regard to your personal data we maintain for you:
- To have access to your personal data. This allows you, for example, to receive a copy of the personal data file we keep for you and verify that your data is legally processed. If you want to receive a copy of the file, please send an e-mail at info@geoanalysis.gr.
- To ask for the correction of the personal data we keep for you. This allows you to correct any incomplete or inaccurate data we keep for you.
- To ask for the deletion of your personal information [known as “right to be forgotten”]. This allows you to ask us to delete your personal data whenever there is no valid reason for us to keep on processing this data.
- To object to the processing of your personal data [known as “right to object”] when we have a legitimate interest in such processing, but there is something special in your situation, which makes you want to object to such processing for that reason. If you file an objection, we shall no longer process your personal data, unless we can prove some lawful impelling reasons for such processing, which prevail over your own interests, rights, and freedoms.
- To withdraw or restrict the consent you have given us regarding the processing of your personal data at any time. Please note that any withdrawal of your consent shall not affect the legality of any processing which was based on this consent, prior to such withdrawal or revocation.
- To demand portability of your data to any third parties, and compliance with all other provisions of the General Data Protection Regulation (GDPR).
- To address yourselves to the data controller and the data protection officer of our Company.
- To exercise any legal rights you may have before the competent authorities.
13. Cookies
Our website uses small pieces of data, also known as “cookies”, in order to better operate and improve your experience.
If you want to learn more about how we use cookies, please refer to our policy on cookies.
Note:
The General Data Protection Regulation (GDPR) (EE) 2016/679 entered into force on 25th May 2018.
15/05/2018